Vulnerabilites related to cisco - unified_ip_phone_6945
Vulnerability from fkie_nvd
Published
2020-06-18 03:15
Modified
2024-11-21 05:30
Summary
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
Impacted products
Vendor Product Version
cisco unified_ip_phone_6901_firmware *
cisco unified_ip_phone_6901 -
cisco unified_ip_phone_6961_firmware *
cisco unified_ip_phone_6961 -
cisco unified_ip_phone_6945_firmware *
cisco unified_ip_phone_6945 -
cisco unified_ip_phone_6941_firmware *
cisco unified_ip_phone_6941 -
cisco unified_ip_phone_6921_firmware *
cisco unified_ip_phone_6921 -
cisco unified_ip_phone_6911_firmware *
cisco unified_ip_phone_6911 -
cisco unified_ip_phone_7832_firmware *
cisco unified_ip_phone_7832 -
cisco unified_ip_phone_7861_firmware *
cisco unified_ip_phone_7861 -
cisco unified_ip_phone_7841_firmware *
cisco unified_ip_phone_7841 -
cisco unified_ip_phone_7821_firmware *
cisco unified_ip_phone_7821 -
cisco unified_ip_phone_7811_firmware *
cisco unified_ip_phone_7811 -
cisco unified_ip_phone_7937g_firmware *
cisco unified_ip_phone_7937g -
cisco unified_ip_phone_7975g_firmware *
cisco unified_ip_phone_7975g -
cisco unified_ip_phone_7965g_firmware *
cisco unified_ip_phone_7965g -
cisco unified_ip_phone_7962g_firmware *
cisco unified_ip_phone_7962g -
cisco unified_ip_phone_7961g_firmware *
cisco unified_ip_phone_7961g -
cisco unified_ip_phone_7960g_firmware *
cisco unified_ip_phone_7960g -
cisco unified_ip_phone_7945g_firmware *
cisco unified_ip_phone_7945g -
cisco unified_ip_phone_7942g_firmware *
cisco unified_ip_phone_7942g -
cisco unified_ip_phone_7941g_firmware *
cisco unified_ip_phone_7941g -
cisco unified_ip_phone_7940g_firmware *
cisco unified_ip_phone_7940g -
cisco unified_ip_phone_7931g_firmware *
cisco unified_ip_phone_7931g -
cisco unified_ip_phone_7911g_firmware *
cisco unified_ip_phone_7911g -
cisco unified_ip_phone_7906g_firmware *
cisco unified_ip_phone_7906g -
cisco unified_ip_phone_8811_firmware *
cisco unified_ip_phone_8811 -
cisco unified_ip_phone_8841_firmware *
cisco unified_ip_phone_8841 -
cisco unified_ip_phone_8845_firmware *
cisco unified_ip_phone_8845 -
cisco unified_ip_phone_8851_firmware *
cisco unified_ip_phone_8851 -
cisco unified_ip_phone_8851nr_firmware *
cisco unified_ip_phone_8851nr -
cisco unified_ip_phone_8861_firmware *
cisco unified_ip_phone_8861 -
cisco unified_ip_phone_8865_firmware *
cisco unified_ip_phone_8865 -
cisco unified_ip_phone_8865nr_firmware *
cisco unified_ip_phone_8865nr -
cisco unified_ip_phone_8961_firmware *
cisco unified_ip_phone_8961 -
cisco unified_ip_phone_8945_firmware *
cisco unified_ip_phone_8945 -
cisco unified_ip_phone_8941_firmware *
cisco unified_ip_phone_8941 -
cisco unified_ip_phone_9971_firmware *
cisco unified_ip_phone_9971 -
cisco unified_ip_phone_9951_firmware *
cisco unified_ip_phone_9951 -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_6901_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9B5E567-41A0-4C9A-91A3-63EB5543F73F",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_6901:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "12C78A9E-35FA-4CC7-B51F-25133B3D6DA9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_6961_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B0A706C-5D52-4FF9-A7D0-D81B8D44A7A0",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_6961:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEDF755A-DFA2-4BCB-9A06-0A225B8F05B7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_6945_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9303F605-1F5D-4740-BE11-0A1176A68E80",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_6945:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B3B667E-9019-4A33-9BB0-D15560EC4145",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_6941_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "455F7CDE-B0C9-44B7-AD55-EA03B287A9DF",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_6941:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FAD4832E-16D3-4E26-B8ED-D32F5CB83180",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_6921_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB7A8AC1-6EF0-4FDC-8C18-3118F3F53C8B",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_6921:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B807519-7A91-4137-8B0D-0820C6299C13",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_6911_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CEC48E7-E9D8-406D-963C-06F5F2209423",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_6911:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F32CF4BC-40AD-4C9C-8787-2B7EAE2B3B5F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7832_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "552DA0C7-01D3-46E1-AC87-2CF41408EF0D",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7832:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C42D5D4-E5BF-4668-81F0-9D76552E0DCE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7861_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0CAED4E4-23FA-4B15-8138-8B79392FC666",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7861:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "045E3CD2-AC00-4BA7-A0B0-94D9ACF1F6CF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7841_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C60EC68-7A31-4CBB-BCC4-DD56299C6EEA",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7841:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CAEF25F-B028-487D-B396-C33D5246D188",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7821_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0921726-02A0-47D0-9E40-E1E3DD6D5A22",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7821:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "182E3741-46FC-47D3-B075-772E87C8F80C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7811_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1EFB1A0-ED54-4586-9A10-E27A936AE6B6",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7811:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6551539F-39C1-4CD6-92F3-FE330E92CC06",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7937g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE7BECC3-B86D-4669-8463-DAE35D406B1B",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7937g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F69722C8-73F9-4989-817B-DF8F882676AD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7975g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6D10125-025C-42B5-93D9-5A4FA79290C3",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7975g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8BA879B6-04D6-402A-8F38-8A7CB34D76F4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7965g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "82C369BE-4A67-489B-9A26-AB00D4C4E409",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7965g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF30D1CC-D27F-49FF-9C63-BB890002D1C2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7962g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA428649-4098-4166-8ED3-4A1C707F00FB",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7962g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8424EA40-BAEE-4503-A826-003C478D07F0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7961g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "57152C53-3445-4CDD-9C3F-DB0067611DAB",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7961g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1B979DC-52B4-497E-9D7C-3D8F861E6E26",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7960g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B10AA232-FF33-4062-977C-984D2E2CBF70",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7960g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DFA9051-62CB-4C7B-9C97-CD901DC778F0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7945g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D8A52F3-1D02-4D2F-A68D-276D065BD00B",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7945g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5980E646-CA07-4222-A9DD-A71306A4A678",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7942g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E24932D-8F8E-4991-858D-246D5CD594B7",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7942g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "37232BAF-C3BD-45A3-B54F-3DA2E15F2FBD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7941g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "79A195E8-4210-4F4A-B742-1C943DF5D2AF",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7941g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7519FF0-672E-430F-980D-53D2A851C78C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7940g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "34AC4FC0-1504-449C-86CC-1033D0BBD994",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7940g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "84AEFB6F-3534-478A-97FF-C100A86A269E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7931g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C2B814BA-710F-4E42-8EA0-F9B59B5E2A39",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7931g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0D51724-CA7C-4F8E-9C02-408A96E32860",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7911g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB2313E3-D3C9-4990-8657-05345C386759",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7911g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BF164BA-91F9-434B-9837-1B6E600A91AF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7906g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7EA3D2C-8327-4D0F-9AD8-3373AB3CCC53",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_7906g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "94B18568-30F5-40BF-96DB-589ED8D960F5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8811_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D8DA83E-9548-455E-BCFF-5238FB56BF48",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_8811:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D96E5B04-7CFF-4DF9-A356-C015AD8F5536",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8841_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "15426BD5-25E2-43B6-9E6E-346F26E2AC1A",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_8841:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80B68502-F042-4094-BECB-0C59C3C6D07F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8845_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "33CD3FFF-1517-4EF7-AE38-F6DA836100AE",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_8845:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF629B3C-0874-4BC9-97F3-28A5A7AC8917",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8851_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CD08767-7F00-48E6-87A9-99FE9E2D96B9",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_8851:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B37ABB-C273-47B1-B7B0-692280CC957B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8851nr_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "79C63F44-F1B6-47A3-900E-BA9B7A2EDAE3",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_8851nr:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B021B260-CD3C-4EA5-9A2C-FE80B4ACA787",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8861_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "118AE4A2-F0DB-4E0B-9998-A56711723D34",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_8861:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BB9129D-607E-4227-984E-F0FC2F9047ED",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8865_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "27AFD285-F65F-4B09-97C1-082C953EFCB9",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_8865:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B01FB146-FB66-4251-8025-F38C49FE9CAC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8865nr_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8399BC8F-6DCD-4A61-9E1B-FFA636BAD4C2",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_8865nr:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5EB7D543-296F-44AE-9335-BF3244F21E55",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8961_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "25923E46-A572-4731-9EAA-3A3B52D83FD3",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_8961:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "73338C3B-3AFA-4F64-B8C6-FDEBBBDCFD31",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8945_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "02037FE7-B885-4C3D-9516-8C8D32D168B9",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_8945:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "645668C0-1702-4EBE-AF4D-F73824AF4C41",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8941_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "89E58087-9ABF-4BF6-BCC9-F7904593A5D6",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_8941:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE80CCF2-84B6-409D-BED3-D1C3D8807D5F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_9971_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "486E6F8D-3563-42DF-86FA-34200B14FB2F",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_9971:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FBF7ABE8-03D3-4ACA-834A-89D37D5EBFB2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_9951_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C416A15-52CB-4850-8C5B-E3E9C9087FB3",
                     versionEndIncluding: "12.8\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_9951:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0B483E7-0B8D-480B-94B9-93F00AE91B4B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la funcionalidad Web Access de Cisco IP Phones Series 7800 y Series 8800, podría permitir a un atacante remoto no autenticado visualizar información confidencial sobre un dispositivo afectado. La vulnerabilidad es debido a controles de acceso inapropiados en la interfaz de administración basada en web de un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad mediante el envío de solicitudes maliciosas al dispositivo, lo que podría permitirle omitir las restricciones de acceso. Un ataque con éxito podría permitir al atacante visualizar información confidencial, incluyendo los registros de llamadas del dispositivo que contienen nombres, nombres de usuario y números de teléfono de los usuarios del dispositivo",
      },
   ],
   id: "CVE-2020-3360",
   lastModified: "2024-11-21T05:30:52.567",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-18T03:15:14.403",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-863",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-06-15 18:15
Modified
2024-11-21 06:43
Summary
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_6911_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33DC1B73-7716-4C33-B708-DB70C91D4EFF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_6911:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F32CF4BC-40AD-4C9C-8787-2B7EAE2B3B5F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_6921_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF807E93-45B9-4197-A475-81FD8BB84360",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_6921:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B807519-7A91-4137-8B0D-0820C6299C13",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_6941_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "538BDFFF-1F29-4612-9415-9ABE0DF61B3B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_6941:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FAD4832E-16D3-4E26-B8ED-D32F5CB83180",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_6945_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "73C85716-FF1C-4DDF-BA4B-8F082C0F41EB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_6945:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B3B667E-9019-4A33-9BB0-D15560EC4145",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_6961_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE612EC5-04F4-48C7-9491-513DE4752304",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_6961:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEDF755A-DFA2-4BCB-9A06-0A225B8F05B7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8941_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2CADFBC-152A-4360-8A3B-74AC7D7C6AE4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_8941:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE80CCF2-84B6-409D-BED3-D1C3D8807D5F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8945_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2811EB8-047B-4B6B-AEE2-90B175829D18",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_8945:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "645668C0-1702-4EBE-AF4D-F73824AF4C41",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8961_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AE399426-F090-4E49-9B8D-F5626ED8DD0A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_8961:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "73338C3B-3AFA-4F64-B8C6-FDEBBBDCFD31",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_9951_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "63DB2B9A-C131-4FA1-BFE3-E2879A8C945D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_9951:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0B483E7-0B8D-480B-94B9-93F00AE91B4B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_9971_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "667CCF0A-0D40-4000-9DD5-FE506F0BC725",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_phone_9971:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FBF7ABE8-03D3-4ACA-834A-89D37D5EBFB2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ata_187_analog_telephone_adapter_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED8E935A-C400-45D0-85C1-7C75769E2AA5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ata_187_analog_telephone_adapter:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA0CD943-831E-49B6-8BA9-EA21972ACEBA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en los teléfonos IP de Cisco Unified podría permitir a un atacante remoto no autenticado hacerse pasar por el teléfono de otro usuario si Cisco Unified Communications Manager (CUCM) está en modo seguro. Esta vulnerabilidad es debido a la generación inapropiada de claves durante el proceso de fabricación que podría resultar en claves fabricadas duplicadas instaladas en varios dispositivos. Un atacante podría aprovechar esta vulnerabilidad al llevar a cabo un ataque de máquina en el medio en la comunicación segura entre el teléfono y el CUCM. Una explotación con éxito podría permitir al atacante hacerse pasar por el teléfono de otro usuario. Esta vulnerabilidad no puede abordarse con actualizaciones de software. Se presenta una mitigación que aborda esta vulnerabilidad",
      },
   ],
   id: "CVE-2022-20817",
   lastModified: "2024-11-21T06:43:36.787",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.2,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-06-15T18:15:08.997",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-338",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-338",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2022-20817
Vulnerability from cvelistv5
Published
2022-06-15 17:55
Modified
2024-11-01 19:02
Summary
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.
Impacted products
Vendor Product Version
Cisco Cisco IP Phones with Multiplatform Firmware Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:49.918Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220615 Cisco IP Phone Duplicate Key Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20817",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-01T18:42:50.391033Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-01T19:02:31.240Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco IP Phones with Multiplatform Firmware",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-06-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-338",
                     description: "CWE-338",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-06-15T17:55:32",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220615 Cisco IP Phone Duplicate Key Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4",
            },
         ],
         source: {
            advisory: "cisco-sa-cp6901-dup-cert-82jdJGe4",
            defect: [
               [
                  "CSCvz07149",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco IP Phone Duplicate Key Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-06-15T23:00:00",
               ID: "CVE-2022-20817",
               STATE: "PUBLIC",
               TITLE: "Cisco IP Phone Duplicate Key Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco IP Phones with Multiplatform Firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "7.4",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-338",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220615 Cisco IP Phone Duplicate Key Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cp6901-dup-cert-82jdJGe4",
               defect: [
                  [
                     "CSCvz07149",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20817",
      datePublished: "2022-06-15T17:55:32.726275Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-01T19:02:31.240Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-3360
Vulnerability from cvelistv5
Published
2020-06-18 02:17
Modified
2024-11-15 17:05
Summary
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
Impacted products
Vendor Product Version
Cisco Cisco IP Phone 8800 Series Software Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T07:30:58.207Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2020-3360",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-15T16:21:10.982053Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-15T17:05:37.576Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco IP Phone 8800 Series Software",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2020-06-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "CWE-200",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-18T02:17:03",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM",
            },
         ],
         source: {
            advisory: "cisco-sa-phone-logs-2O7f7ExM",
            defect: [
               [
                  "CSCvt23310",
                  "CSCvt27636",
                  "CSCvt27637",
                  "CSCvt27645",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2020-06-17T16:00:00",
               ID: "CVE-2020-3360",
               STATE: "PUBLIC",
               TITLE: "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco IP Phone 8800 Series Software",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-200",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-phone-logs-2O7f7ExM",
               defect: [
                  [
                     "CSCvt23310",
                     "CSCvt27636",
                     "CSCvt27637",
                     "CSCvt27645",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2020-3360",
      datePublished: "2020-06-18T02:17:03.642062Z",
      dateReserved: "2019-12-12T00:00:00",
      dateUpdated: "2024-11-15T17:05:37.576Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}